Service Agreement Data Privacy Addendum

Although Agile Harbor Services does not include the treatment of personal data provided by the Customer as such, the potential access to such data by Agile Harbor in the performance of its obligations under this contract cannot be completely ruled out.

Considering the above, the Customer will take all necessary measures to ensure that any personal data which is not necessary for Agile Harbor to have full access to in performance of the services under this Agreement, but is subject to applicable legal restrictions, will have all personal identifying data replaced by artificial identifiers (also known as “pseudonymization”) prior to the access by Agile Harbor.

In all cases, the Customer guarantees the fulfillment of its obligations as “controller” and “exporter” of the personal data under the applicable law, in particular the Customer guarantees that the personal data for which it is responsible for, have been collected and are treated in accordance with the General Data Protection Regulation (“GDPR”).

All access by Agile Harbor to personal data collected and treated by the Customer will be subject to the following specific provisions:

  1. The Customer authorizes Agile Harbor to access to the personal data collected and treated by them in its condition as controller and or exporter of such personal data, with the sole purpose and with the extent needed for Agile Harbor to comply with its duties under this Contract.
  2. The treatment of the personal data by Agile Harbor on behalf of the Customer will be carried out exclusively with the aim of providing the services subject to this Contract as described in clauses 2.1 to 2.5 above. In the event of access to personal data, the processing operations to be carried out by Agile Harbor will be limited to:
    1. Structuring
    2. Storage
    3. Consultation
    4. Alignment
    5. Combination
  3. To perform the services arising from compliance with the purpose of this Contract, the Customer will provide Agile Harbor with the following relevant information:
    1. Name, physical address, phone number and email address of the Customer’s clients
    2. Name, physical address, phone number and email address of Customer’s providers
  4. The access to and treatment of the personal data by Agile Harbor will be carried out during the performance of the services called for under this Contract. Upon termination or conclusion of this Contract, Agile Harbor shall erase all personal data received during performance of this Contract. However, Agile Harbor may store a copy with the data duly blocked while they may still be held liable for providing the service to Customer.
  5. Agile Harbor and their employees shall undertake:
    1. Not to disclose personal data to third parties without express authorization from the Customer and in accordance with the GDPR.
    2. To maintain the duty of secrecy regarding the personal data accessed and processed under this contract, even after its termination.
    3. To keep documentation accrediting compliance with the obligation set forth in this Clause available for the Customer.
    4. To immediately inform the Customer, without undue delay, of any breach that Agile Harbor is aware of for the security of the personal data together with any information to support and report the incident. Agile Harbor shall also inform the Customer on the possible consequences of the personal data security breach and the measures adopted to mitigate possible negative effects.
    5. To provide the Customer with all the information necessary to prove compliance with its obligations, as well as to conduct audits and inspections carried out by the Customer or another auditor authorized by them.
  6. Agile Harbor shall comply with applicable laws on the technical and organizational security measures regarding:
    1. The pseudonymization and encryption of personal data.
    2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
    3. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
    4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
  7. Agile Harbor shall ensure that the individuals authorized to process personal data have the necessary personal data protection training.